move peer_vert verificaiton code into its own method
authorTony Mack <tmack@cs.princeton.edu>
Wed, 14 Oct 2009 00:34:52 +0000 (00:34 +0000)
committerTony Mack <tmack@cs.princeton.edu>
Wed, 14 Oct 2009 00:34:52 +0000 (00:34 +0000)
sfa/trust/auth.py

index 19bdd6e..611a9ba 100644 (file)
@@ -46,11 +46,6 @@ class Auth:
         if not self.client_gid:
             raise MissingCallerGID(self.client_cred.get_subject())
 
-        # make sure the client_gid matches client's certificate
-        peer_cert = self.peer_cert
-        if peer_cert and not peer_cert.is_pubkey(self.client_gid.get_pubkey()):
-            raise ConnectionKeyGIDMismatch(self.client_gid.get_subject())
-
         # make sure the client is allowed to perform the operation
         if operation:
             if not self.client_cred.can_perform(operation):
@@ -65,6 +60,11 @@ class Auth:
 
         return True
 
+    def verifyPeerCert(self):
+        # make sure the client_gid matches client's certificate
+        peer_cert = self.peer_cert
+        if not peer_cert.is_pubkey(self.client_gid.get_pubkey()):
+            raise ConnectionKeyGIDMismatch(self.client_gid.get_subject()            
 
     def verifyGidRequestHash(self, gid, hash, arglist):
         key = gid.get_pubkey()
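Review bot: The `raise` in the new `verifyPeerCert` is missing its closing parenthesis, so auth.py will not parse as committed; it should read `raise ConnectionKeyGIDMismatch(self.client_gid.get_subject())`. The `peer_cert and` guard from the removed code was also dropped, so a missing `self.peer_cert` (or an unset `self.client_gid`) now surfaces as an AttributeError rather than a deliberate authentication failure. An explicit check, `if not peer_cert or not peer_cert.is_pubkey(self.client_gid.get_pubkey()):`, would fail closed with the intended exception. The first hunk removes this comparison from the credential check, so the binding between the connection's key and the caller GID now holds only where `verifyPeerCert()` is called explicitly, and no call site is visible in this diff. Confirm that every entry point which relied on the old inline check still performs it, and add a docstring stating that the method must run after `client_gid` has been set.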